[Fusioninventory-devel] Dropping the authentication token
Guillaume Rousse
guillomovitch at gmail.com
Thu Feb 28 16:05:08 UTC 2013
The master+nomoretoken branch I just commited today allows to get rid of
the authentication token, simply by automatically trusting all target
servers.
Advantages:
- one less variable to share with the http server thread
- one less variable to ensure persistence on agent side
- no more need to wait for initial dialog between agent and server to
complete the server can control the agent
- less code
Disadvantages:
- anything on the server host can force agent execution, not just the
server itself (to be balanced against: anything able to bruteforce or
the intercept the token can achieve it).
Comments ?
--
BOFH excuse #148:
Insert coin for new game
More information about the Fusioninventory-devel
mailing list